Date: Mon, 4 Jul 2011 08:31:10 +0700
Message-ID: <CAA2qdGXHV9_zu0YNsX5c5rFVE2yu-E1t5TA+6T2P=DEiwaGApA@mail.gmail.com>
Subject: [gentoo-user] Portknock before Postfix delivery?
From: Pandu Poluan <pandu@poluan.info>
To: Gentoo-user@lists.gentoo.org

I'm just wondering...

I'm implementing an email gateway using postfix. The gateway lives as
a VM in my ISP, and it will deliver 'accepted' emails to the company's
email server which lives in the DMZ. The email server's port is
shifted to a non-25 external port number.

So far so good. However, a portscanner might still be able to detect
which port is open and attempt deliveries there.

So, the question: Is it possible to configure the system in some way
so that Postfix will first perform a portknocking before attempting
delivery to the internal mail server?

If that is not possible, what solution would you recommend to 'harden'
the non-25 mail port?

Rgds,


-- 
--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/